Modern computer systems place a high importance on maintaining data and application security. In a modern distributed and/or virtual computer system environment, where a plurality of users, services, applications, virtual machines, controlling domains and hosts have access to a computer system, maintaining data and application security may be a difficult problem. In a distributed and/or virtual computer system environment, for example, where the computer system resources may be provided by a computing resource service provider, customers may also wish for additional security for sensitive or restricted data, protecting such data even from the computing resource service provider.
Encrypting data or applications may help ameliorate the security concerns, but users often desire additional assurances. For example, users may desire additional assurances that malicious applications are unable to temporarily obtain trusted status on a host machine, thereby gaining access to the encryption keys and thus compromising the encryption security. Similarly, a controlling domain or operating system on a virtual machine may always have trusted status and thus can read or write directly from computer system memory freely. Accordingly, users may desire assurances of the security of data and applications operating within a computing resource service provider, even against potential discovery by the computing resource service provider.